A method and system for simulating computer networks and computer network components to test computer network security is disclosed. A user specifies a desired configuration of a simulated computer network by using a configuration manager. The user also defines all the network components within the simulated computer network by specifying whether a component should be provided in hardware or should be simulated via software. Upon receiving the above-mentioned information from the user, the configuration manager acquires the required hardware resources from a hardware inventory. The configuration manager utilizes an interface switch that connects the hardware in the hardware inventory to produce the desired network layout. Next, the specified configuration for each of the network components is pushed into the acquired hardware resources. Computer network components to be simulated with software are subsequently initialized by the configuration manager. At this point, the user can use the simulated computer network for real-time testing of network security.
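The acquisition step described above can be sketched as follows. This is an added example, not code from the patent: the spec layout, `build_testbed`, the device ids and the rule that only links touching a physical device go through the interface switch are all assumptions made for illustration.

```python
from collections import Counter

class AllocationError(Exception):
    """The requested layout cannot be built from the inventory and library."""

def build_testbed(spec, inventory, library):
    """Plan a testbed. `inventory` maps type -> free device ids (mutated on
    success); `library` is the set of types available as software simulations."""
    comps = spec["components"]
    for name, c in comps.items():
        if c["mode"] not in ("hardware", "simulated"):
            raise AllocationError(f"{name}: mode must be hardware or simulated")
        if c["mode"] == "simulated" and c["type"] not in library:
            raise AllocationError(f"{name}: no simulation for {c['type']}")
    for a, b in spec["links"]:
        for end in (a, b):
            if end not in comps:
                raise AllocationError(f"link uses undefined component {end}")
    # Check every hardware demand before taking anything, so a shortage
    # leaves the shared inventory untouched.
    need = Counter(c["type"] for c in comps.values() if c["mode"] == "hardware")
    for typ, n in need.items():
        free = len(inventory.get(typ, []))
        if free < n:
            raise AllocationError(f"need {n} {typ}, only {free} free")
    acquired = {n: inventory[c["type"]].pop(0)
                for n, c in sorted(comps.items()) if c["mode"] == "hardware"}
    daemons = sorted(n for n, c in comps.items() if c["mode"] == "simulated")
    # Assumption: only links that touch a physical device go through the switch.
    switch_links = [(acquired.get(a, "sim:" + a), acquired.get(b, "sim:" + b))
                    for a, b in spec["links"] if a in acquired or b in acquired]
    return {"acquired": acquired, "daemons": daemons, "switch_links": switch_links}

# Constructed sample: two physical devices, two simulated workstations.
SAMPLE_SPEC = {
    "components": {
        "edge-router": {"type": "router", "mode": "hardware"},
        "fw": {"type": "firewall", "mode": "hardware"},
        "ws1": {"type": "workstation", "mode": "simulated"},
        "ws2": {"type": "workstation", "mode": "simulated"},
    },
    "links": [("edge-router", "fw"), ("fw", "ws1"), ("ws1", "ws2")],
}

def sample_inventory():
    return {"router": ["rtr-01", "rtr-02"], "firewall": ["fw-01"]}

if __name__ == "__main__":
    print(build_testbed(SAMPLE_SPEC, sample_inventory(), {"workstation"}))
```

Validating the whole request before removing anything from the inventory keeps a failed request from stranding devices that other test scenarios could use.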
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for simulating a computer network in order to facilitate testing computer network security, said method comprising: providing a hardware inventory of physical network components; providing a software library of simulated network components; receiving a specific user-defined computer network configuration for testing network security of said specific user-defined network configuration, a user defining all the physical network components and the simulated network components needed to simulate the user-defined network; in response to the receipt of said specific user-defined computer network configuration to be simulated, selectively acquiring only the user defined physical network components from said hardware inventory, and selectively acquiring only the user defined simulated network components from said software library to create a simulated computer network; configuring said acquired physical network components within said simulated computer network via an interface switch; configuring said acquired simulated network components within said simulated computer network via a plurality of daemons; performing computer network security tests in real-time on said simulated computer network having said acquired physical network components and said simulated network components; and displaying results of said computer network security tests to the user.
2. The method of claim 1, wherein said method further includes pushing a configuration on said acquired physical network components.
3. The method of claim 1, wherein said hardware inventory includes one or more routers.
4. The method of claim 1, wherein said hardware inventory includes one or more firewalls.
5. The method of claim 1, wherein said hardware inventory includes one or more workstations.
6. The method of claim 1, wherein said interface switch is a local area network switch.
7. A computer system capable of simulating a computer network in order to facilitate testing computer network security, said computer system comprising: a hardware inventory of physical computer network components; a software library containing a plurality of simulated computer network components; means for receiving a specific user-defined computer network configuration for testing network security of said specific user-defined network configuration, a user defining all the physical network components and all the simulated network components needed to simulate the user-defined network; a configuration manager, in response to the receipt of said specific user-defined computer network configuration to be simulated, for selectively acquiring only the user defined physical computer network components from said hardware inventory, and selectively acquiring only the user defined simulated network components from said software library to construct a simulated computer network; an interface switch for selectively establishing logical links between said configuration manager and at least one of said physical computer network components within said inventory of physical computer network components, in accordance with said specific computer network configuration; a plurality of daemons for selectively configuring said simulated network components within said software library, in accordance with said specific computer network configuration; and a visualization and reporting module for displaying results of said computer network security tests to the user.
8. The computer system of claim 7, wherein said inventory of physical computer network components includes one or more routers.
9. The computer system of claim 7, wherein said inventory of physical computer network components includes one or more firewalls.
10. The computer system of claim 7, wherein said inventory of physical computer network components includes one or more workstations.
11. The computer system of claim 7, wherein said interface switch is a local-area network switch.
12. The computer system of claim 7, wherein said configuration manager includes a network/system configuration module, a network/system management module and a scenario builder module.
13. The method of claim 1, wherein said method further includes receiving a list of network components within said specific computer network configuration which are to be emulated with hardware; and receiving a list of network components within said specific computer network configuration which are to be simulated by software.
14. The computer system of claim 7, wherein said computer system further includes means for receiving a list of network components within said specific computer network configuration which are to be emulated with hardware; and means for receiving a list of network components within said specific computer network configuration which are to be simulated by software.
15. The computer system of claim 7, wherein said interface switch is configured by a configuration manager.
16. The computer system of claim 7, wherein said plurality of daemons are launched by said configuration manager.
May 10, 2002
May 27, 2008